Rules for secure online payments using a bank card

When performing payments or transferring money online

  1. Use only protected, tested and trusted sites with addresses that starts with https:// or sites with a padlock icon displayed in the web browser.
  2. Process your transactions using a secure computer that is not accessed by third parties – do not use computers for public use or those that belong to third parties.
  3. Do not forget to update the operating system and all anti-virus software.
  4. Beware of phishing sites when making online payments. To view a list of known fishing sites, refer to of Ukrainian Interbank Association of Members of Payment Systems (EMA).
  5. Never enter your PIN code when concluding an online transaction!
    Purchases only require your:
    - card number;
    - card expiry month and year;
    - CVV2/CVC2 code;
    - one-time password (if the site supports 3D-Secure technology).
  6. The password through the SMS notification provided by the bank creates an additional «threshold» or level of security for cards protected by the 3D Secure system. The bank sends the password to the phone number assigned to your card account. This provides an additional means of protection for you and your card against fraud.
  7. Make sure that the website is not put on the «Black list of fraudulent sites» compiled by the Ukrainian Interbank Payment Systems Member Association (EMA). The verification only takes several minutes and ensures that your online payment is secure.
  8. Beware of trusting «too good to be true» offers. Remember, that provider never offers anything for free!
  9. Use the «White list of trustworthy providers» prepared by the EMA
    Always use trusted sites to make sure your online payment is secure.

Learn about the most common techniques used by fraudsters during online transactions. Protect your money!

The most common scams used during online transactions are fictitious «buyers» and «sellers»

Fraudsters use the following scams by pretending to be «buyers» for goods are selling online. Sometimes they use real people's phone numbers found online, i.e. on private ad sites where sellers often provide their mobile phone numbers.

  1. When the fraudster pretends to be a buyer:

    - In most cases, the criminal is attempting to obtain the seller’s card details by claiming that he wants to prepay for a product.

    - Fraudsters often work together: one asks the seller to provide his card number, while the other calls the seller, allegedly on behalf of the bank, claiming that the funds have been received but that the seller’s card details are needed to credit the payment.

    - The fraudster pretending to be the buyer or his partner (the employee of the bank) may direct the seller to an ATM to «assist» in crediting the prepayment for the product. Using the ATM, the user may transfer the money only to another person’s card, and never vice versa. The criminal is attempting to involve the victim in committing the fraud.

  2. If the fraudster pretends to be the seller,

    it is usually to offer fictitious goods to buyers. No matter what «goods» they may be offering, all scams have the following common attributes:

    - Fraudsters offer products at prices that than those, which are proposed by others. The availability and quality of the fictitious good is «confirmed» by pictures found online (by the way, a buyer can verify a picture using the Google search engine to determine whether the seller really has the washing machine he claims to be selling).

    - Fraudsters devise various pretexts to convince the buyer to transfer the total price as a lump sum payment or prepay a large part of the price (for instance, by claiming that another buyer is interested in purchasing the item).

    - They may also try to obtain the details of your card, allegedly to make a card-based payment (criminals may also work together on scams, for example, one of them poses as the seller, and the other as the officer of the bank who is «authorized to process the payment». As a rule, they claim that in order to transfer the money to «this particular card» (the «seller’s» card), the bank needs to know the buyer’s card details).

Be vigilant. Suspicious behaviour by the seller includes refusing to send other pictures of the item or requesting a prepayment or payment of the full amount.

Never pay in full until you have received the product. Select post-payment. Use the «Secure deal» service from «Nova poshta». This service facilitates card-based payments (the amount equal to the value of the product is «blocked» on the buyer’s card. Once the item is acquired, the relevant amount is transferred to the seller’s card). In this case, both parties are protected from fraud.

Phishing sites

Fraudsters also design websites that are identical to those of legitimate providers which offer money transfers and mobile phone account top-up services. Their goal is to obtain the user’s card details. This type of scam is called «phishing».

These sites make online card-based payments very attractive for clients:

  • They offer more appealing terms (e.g. zero commission).
  • The site design may resemble a popular legal site.
  • With the help of paid advertising, the fraudsters may even succeed in improving the rating of their fake site, and the address may appear high in search engine results for certain queries (e.g. «top-up mobile phone account», «transfer to card»).

Phishing services request their clients to complete a payment form. The user enters the confidential data on his/her own card (the card number, card validity, three-digit code on the back of the card (CVV2/CVC2), and, in some cases, the user confirms the transaction using the code provided in an SMS received from the bank). The criminals use this data to steal money from the account.

Fraudsters design sites that sell cheap airline tickets or fake online lending services (these sites also ask users to provide their cards details). When attempting to purchase an airline ticket via a phishing site, the client may even receive a «hard copy» of the «ticket»: the user enters the details of his/her card into the payment form, receives confirmation of the alleged purchase and, in some cases, can even print out the ticket. In reality, however, the ticket is fake. Meanwhile, the fraudsters can now use your card data to steal money from your account.

To ensure the security of online payments, always verify the reputation of service providers (for details, using the website of Ukrainian Interbank Payment Systems Member Association (EMA)).

How to spot a scam payment site

Materials published by Ukrainian Interbank Payment Systems Member Association (EMA)